Open MorningLightMountain713 opened 5 months ago
Of note, I have another box, running the exact same config, but on the above mentioned prior versions - working fine. As a test, I'd like to revert back to that firmware. If someone could let me know how to downgrade the base package, I'll try that and see if I can get it working again.
I downgraded the kernel with opnsense-update -kr 23.7.8 but that only did the kernel, not the base
I uninstalled the os-upnp
plugin and reinstalled it and now I get this:
root@OPNonsense:~ # /usr/local/sbin/miniupnpd -d -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid
miniupnpd 9122 - - version 2.3.3 starting UPnP-IGD ext if ovpnc1 BOOTID=1704534859
miniupnpd 9122 - - HTTP listening on port 2189
miniupnpd 9122 - - no HTTP IPv6 address, disabling IPv6
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - level=0 type=20
miniupnpd 9122 - - sdl_index = 1 vtnet0:26.de.4a.b8.c0.b
miniupnpd 9122 - - ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1 (ver=1)
miniupnpd 9122 - - SSDP M-SEARCH from 192.168.44.10:42181 ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
miniupnpd 9122 - - Single search found
miniupnpd 9122 - - SendSSDPResponse(): 0 bytes to 192.168.44.10:42181 ST: HTTP/1.1 200 OK
CACHE-CONTROL: max-age=120
ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1
USN: uuid:309d5874-e90c-98d9-d8b1-7d90bc9d69e::urn:schemas-upnp-org:device:InternetGatewayDevice:1
EXT:
SERVER: FreeBSD/13.2-RELEASE-p7 UPnP/1.1 MiniUPnPd/2.3.3
LOCATION: http://192.168.44.1:2189/rootDesc.xml
OPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS: 1704534859
BOOTID.UPNP.ORG: 1704534859
CONFIGID.UPNP.ORG: 1337
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - HTTP REQUEST from 192.168.44.10:47308 : GET /rootDesc.xml (HTTP/1.1)
miniupnpd 9122 - - Host: 192.168.44.1:2189
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - HTTP REQUEST from 192.168.44.10:47324 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 9122 - - Host: 192.168.44.1:2189
miniupnpd 9122 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetStatusInfo
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - HTTP REQUEST from 192.168.44.10:47336 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 9122 - - Host: 192.168.44.1:2189
miniupnpd 9122 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - HTTP REQUEST from 192.168.44.10:47338 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 9122 - - Host: 192.168.44.1:2189
miniupnpd 9122 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - HTTP REQUEST from 192.168.44.10:47348 : POST /ctl/IPConn (HTTP/1.1)
miniupnpd 9122 - - Host: 192.168.44.1:2189
miniupnpd 9122 - - SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
miniupnpd 9122 - - AddPortMapping: ext port 2222 to 192.168.44.10:2222 protocol TCP for: libminiupnpc leaseduration=600 rhost=
miniupnpd 9122 - - UPnP permission rule 0 matched : port mapping accepted
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
miniupnpd 9122 - - Check protocol tcp for port 2222 on ext_if ovpnc1 10.0.2.2, 0202000A
miniupnpd 9122 - - 012ca8c0:2189 0a2ca8c0:47348 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:2189 0a2ca8c0:47338 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:2189 0a2ca8c0:47336 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:2189 0a2ca8c0:47324 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:2189 0a2ca8c0:47308 <=> 2222 0202000a:2222
miniupnpd 9122 - - 00000000:2189 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:22 692010ac:64749 <=> 2222 0202000a:2222
miniupnpd 9122 - - 0100007f:953 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 00000000:53 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 00000000:53 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 00000000:80 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 00000000:443 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 012ca8c0:22 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - 0100007f:22 00000000:0 <=> 2222 0202000a:2222
miniupnpd 9122 - - redirecting port 2222 to 192.168.44.10:2222 protocol TCP for: libminiupnpc
miniupnpd 9122 - - ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: Invalid argument
miniupnpd 9122 - - Returning UPnPError 501: ActionFailed
miniupnpd 9122 - - ioctl(dev, DIOCGETRULES, ...): Invalid argument
I rebooted, now back to the original issue
I can say with considerable confidence that pfSense likely broke this. It's a recurring pattern around libpfctl at the moment... https://github.com/opnsense/ports/commit/ea2bfadb1410934a2d9 -> https://github.com/freebsd/freebsd-ports/commit/81e8bb9834
# opnsense-revert -r 23.7.10 miniupnpd
I can say with considerable confidence that pfSense likely broke this. It's a recurring pattern around libpfctl at the moment... opnsense/ports@ea2bfadb1410934a2d9 -> freebsd/freebsd-ports@81e8bb9834
# opnsense-revert -r 23.7.10 miniupnpd
Hey! I ran the above command - now my forwards are working again! Awesome! Just for my learnings, can you explain what it did please?
Thanks!!
The command reinstalled the miniupnpd package of OPNsense version 23.7.10 which doesn’t use libpfctl as it did for many years. 😉
Cheers, Franco
If anyone wants to submit an upstream bug report be my guest... https://bugs.freebsd.org
I'm done dealing with libpfctl breakage.
If anyone wants to submit an upstream bug report be my guest... https://bugs.freebsd.org
I'm done dealing with libpfctl breakage.
I'll get this logged and fight the good fight upstream!
Hey! I have exactly the same issue and your opnsense-revert command fixed this for me too!
Thank you @fichtner
Thank you! I will stay tuned for updates
I can say with considerable confidence that pfSense likely broke this. It's a recurring pattern around libpfctl at the moment... opnsense/ports@ea2bfadb1410934a2d9 -> freebsd/freebsd-ports@81e8bb9834
# opnsense-revert -r 23.7.10 miniupnpd
my opensense version is 24.1.7, Is there an suitable miniupnpd version which doesn’t use libpfctl? Thank you.
# opnsense-revert -z miniupnpd
This is a snapshot release of 2.3.6 to try.
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug I upgraded to latest version. Port forwarding no longer works. This worked fine on
os-upnp 1-5_4
opnsense version23.7.9
with base and kernel23.7.8
. (I would downgrade but can't seem to get back to base 23.7.8, I reverted the kernel but it keeps the latest base)To Reproduce On a client I run the following, and it usually opens a port:
However you can see above, it seems to add the port, but then fails to try and read the info. If I look at the gui, it seems to have added it, but it hasn't. See screenshot, you can see where I've added the same forward twice. (this shouldn't happen)
If I then run
It doesn't see the port forward, even though the gui says it's there.
Running miniupnpd with
-d
this is the output:Expected behavior Run the command and a port is forwarded
Screenshots See above screenshot
Relevant log files See above miniupnpd logs
Additional context NA
Environment
os-upnp 1-5_5 opnsense 23.7.11 kernel 23.7.10